
Re: Problem with ldapadd




On Sun, 9 Jan 2005, Anderson Alves de Albuquerque wrote:

>
>
>  I have a problem when I use ldapadd. Look below:
> (OBS: I show my slapd.conf and my schema further below.)
> ---------------------------------------------------------------
> ldapadd  -x -D  "cn=root,ou=voip,ou=nce,o=ufrj,c=br"  -w xxxx
> dn: cn=anderson,ou=users,ou=radius,ou=voip,ou=nce,o=ufrj,c=br
> objectclass: person
> objectclass: radiusprofile
> cn: anderson
> sn: Alves
> userPassword:anderson
>
> adding new entry
> "cn=anderson,ou=users,ou=radius,ou=voip,ou=nce,o=ufrj,c=br"
> ldap_add: Invalid syntax (21)
>         additional info: objectclass: value #1 invalid per syntax
> -------------------------------------------------------------
>
>
>
>
>
> - Look at my slapd.conf:
> (OBS: I use nis.schema and core.schema of the LDAP server)
> ---------------------------------------------------------
> # LDAP configuration
> include    /etc/ldap/core.schema
> include    /etc/ldap/nis.schema
> include    /etc/ldap/gnugk_radius_ldap.schema
> loglevel   296
> pidfile    /var/run/slapd.pid
> argsfile   /var/run/slapd.args
> allow      bind_v2
> database   ldbm
> suffix "c=br"
> rootdn "cn=root,ou=voip,ou=nce,o=ufrj,c=br"
> rootpw xxxx
> directory  /etc/ldap/db
> index      objectClass eq
> index      uid eq
> mode       0600
> cachesize  2000
> replogfile /etc/ldap/replog
> # End of LDAP configuration
> --------------------------------------------------------
>
>
>
> - I created my schema 'radiusprofile' (gnugk_radius_ldap.schema); look at this
> schema below:
> ----------------------------------------------------------
> # Attributes for H.323 user registration
>
>         attributetype ( 1.1.2.1.1.1 NAME 'Cisco-AVPair'
>                 DESC ' CISCO-AVPair '
>                 EQUALITY caseIgnoreMatch
>                 SUBSTR caseIgnoreSubstringsMatch
>                 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
>                 SINGLE-VALUE )
>
>         attributetype ( 1.1.2.1.1.2  NAME  'nome'
>                DESC 'Nome do usuário'
>                EQUALITY caseIgnoreMatch
>                SUBSTR caseIgnoreSubstringsMatch
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
>
>         attributetype ( 1.1.2.1.1.3  NAME 'cpf'
>                DESC 'Número do CPF do usuário'
>                EQUALITY caseIgnoreMatch
>                SUBSTR caseIgnoreSubstringsMatch
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
>
>         attributetype ( 9.9.2342.19200300.100.1.3
>               NAME ( 'e-mail' 'rfc822-Mailbox' )
>               DESC 'RFC1274: RFC822 Mailbox'
>               EQUALITY caseIgnoreIA5Match
>               SUBSTR caseIgnoreIA5SubstringsMatch
>               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
>
>         attributetype ( 1.1.2.1.1.4  NAME 'alias'
>                DESC 'ALIAS E.164 do usuário'
>                EQUALITY caseIgnoreMatch
>                SUBSTR caseIgnoreSubstringsMatch
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
>
>         attributetype ( 1.1.2.1.1.5 NAME 'password'
>                DESC 'RFC2256/2307: senha do usuário'
>                EQUALITY octetStringMatch
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>
>         attributetype ( 1.1.2.1.1.6  NAME 'Auth-Type'
>                DESC 'Tipo de autenticação do usuário'
>                EQUALITY caseIgnoreMatch
>                SUBSTR caseIgnoreSubstringsMatch
>                SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
>
>         #####################################
>         # Taken from RADIUS-LDAPv3.schema   #
>         #####################################
>
>         attributetype ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType'
>              DESC ''
>              EQUALITY caseIgnoreIA5Match
>              SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>              SINGLE-VALUE )
>
>          attributetype ( 1.3.6.1.4.1.3317.4.3.1.32 NAME
> 'radiusServiceType'
>              DESC ''
>              EQUALITY caseIgnoreIA5Match
>              SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>              SINGLE-VALUE )
>
>         attributetype ( 1.3.6.1.4.1.3317.4.3.1.18 NAME
> 'radiusFramedProtocol'
>              DESC ''
>              EQUALITY caseIgnoreIA5Match
>              SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>              SINGLE-VALUE )
>
>         attributetype ( 1.3.6.1.4.1.3317.4.3.1.15 NAME
> 'radiusFramedIPNetmask'
>              DESC ''
>              EQUALITY caseIgnoreIA5Match
>              SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>              SINGLE-VALUE )
>
>         attributetype ( 1.3.6.1.4.1.3317.4.3.1.20 NAME
> 'radiusFramedRouting'
>               DESC ''
>               EQUALITY caseIgnoreIA5Match
>               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
>               SINGLE-VALUE )
>         attributetyp ( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName'
>               DESC ''
>               EQUALITY caseIgnoreIA5Match
>               SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
>
> # End of attributes
>
> ########################
> # Define objectclasses #
> ########################
>         # Notes:
>         # The userPassword attribute is declared in core.schema.
>         objectclass   ( 1.3.6.1.4.1.3317.4.3.2.1
>               NAME 'radiusprofile'
>               SUP top STRUCTURAL
>               DESC 'Object - Atributos dos usuários.'
>               MUST ( uid )
>               MAY ( radiusAuthType $ CISCO-AVPair $ userPassword $
>                     nome $ cpf $ email $ alias $ password $ Auth-Type
> # $ radiusAuthType $ radiusServiceType $ radiusFramedProtocol $
> radiusFramedIPNetmask $ radiusFramedRouting $ radiusGroupName
>               ) )
> # End of schema file
> ---------------------------------------------------------
>
>

There are two problems that I see.  First, the radiusprofile objectclass
requires uid.  Your user entry doesn't have the uid attribute, so it will
fail.  Secondly, the radiusprofile objectclass and the person objectclass
are both structural and you should have only one structural objectclass.

I would change the radiusprofile objectclass to require cn instead of uid,
as it looks like you want to use cn as the user entry.  Or, just add uid
to the entry.  Also, you should probably change the radiusprofile
objectclass to auxiliary, so that you can use it in combination with the
person objectclass.
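
The two rules named in the reply (every MUST attribute present, only one structural class chain per entry) can be checked against the posted entry before running ldapadd. This is an added example, not part of the thread and not slapd's own logic; the function names are hypothetical, the schema text is a constructed reduction of the posted definitions, and only NAME, SUP, the class kind and MUST are read.

```python
import re

# Constructed input: 'person' per core.schema, 'radiusprofile' reduced from the post.
# *_FIXED applies the reply's advice: AUXILIARY class, uid added to the entry.
SCHEMA_POSTED = """
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) )
objectclass ( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' SUP top STRUCTURAL MUST ( uid ) )
"""
SCHEMA_FIXED = SCHEMA_POSTED.replace("STRUCTURAL MUST ( uid )", "AUXILIARY MUST ( uid )")
ENTRY_POSTED = """dn: cn=anderson,ou=users,ou=radius,ou=voip,ou=nce,o=ufrj,c=br
objectclass: person
objectclass: radiusprofile
cn: anderson
sn: Alves
userPassword: anderson"""
ENTRY_FIXED = ENTRY_POSTED + "\nuid: anderson"

def parse_schema(text):
    classes = {"top": (None, "ABSTRACT", {"objectclass"})}  # name -> (sup, kind, must)
    for body in re.split(r"(?im)^\s*objectclass\s*\(", text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", body).group(1).lower()
        sup = re.search(r"SUP\s+(\w+)", body)
        kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", body)
        must = re.search(r"MUST\s+\(([^)]*)\)", body)  # parenthesised form only
        classes[name] = (sup.group(1).lower() if sup else "top",
                         kind.group(1) if kind else "STRUCTURAL",  # RFC 4512 default
                         set(must.group(1).lower().split()) - {"$"} if must else set())
    return classes

def ancestors(classes, name):
    sup = classes[name][0]
    return [sup] + ancestors(classes, sup) if sup else []

def check_entry(classes, ldif):
    pairs = [(k.strip().lower(), v.strip().lower()) for k, _, v in
             (line.partition(":") for line in ldif.strip().splitlines())]
    present = {k for k, _ in pairs}
    ocs = [v for k, v in pairs if k == "objectclass"]
    errors = [f"unknown objectclass {oc}" for oc in ocs if oc not in classes]
    ocs = [oc for oc in ocs if oc in classes]
    for oc in ocs:  # every MUST of the class and of its superiors has to be present
        for c in [oc] + ancestors(classes, oc):
            errors += [f"{oc} requires {a}" for a in sorted(classes[c][2] - present)]
    structural = [oc for oc in ocs if classes[oc][1] == "STRUCTURAL"]
    leaves = [oc for oc in structural  # one superclass chain means a single leaf
              if not any(oc in ancestors(classes, o) for o in structural)]
    if len(leaves) > 1:
        errors.append("multiple structural classes: " + ", ".join(leaves))
    return errors
```

`check_entry(parse_schema(SCHEMA_POSTED), ENTRY_POSTED)` reports both problems from the reply; with `SCHEMA_FIXED` and `ENTRY_FIXED` the list is empty.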